Lizard Squad gang moves from PlayStation, Xbox Live attacks to Tor

Floods network with 3,000 relays, project devs shrug

The developers of Tor, the software that tries to mask netizens' identities on the internet, have downplayed the arrival of 3,000 new relays – which are courtesy of a gang of mischief-makers.

Tor Project members say the flood of nodes will largely be ignored by the network.

The relays were seemingly introduced by Lizard Squad – which earlier claimed to have ruined Christmas Day for gamers by knocking Xbox Live and the PlayStation Network offline. On Friday, the squad turned its attention to Tor: it insinuated on Twitter that it had added at least 3,000 relays, which bounce connections around the world to hide users' public IP addresses, to the network.

And with that, a few thousand "LizardNSA" relays appeared, with IP addresses assigned to Google's cloud engine; this suggested someone went a bit nuts with a $500 coupon, or stole some credit cards, and spun up a shedload of tiny virtual machines running Tor, or similar.

It was feared the influx of relays, controlled by a single group, could be used to trace users' connections through the network and de-anonymize them. However, as per the Tor specification, the new nodes are given little weight by the systems governing the network – meaning netizens are highly unlikely to encounter them, we're told. And, in any case, the new relays are now being blacklisted, so clients won't use them.

3000 relays, 0.2743% of the Tor network. I can't even be bothered to dredge up the golf clap gif for LizardTeam.

This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network.

But even though they are running thousands of new relays, their relays currently make up less than 1 per cent of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don't expect any anonymity or performance effects based on what we've seen so far.

Earlier, Lizard Squad had claimed it was testing out an alleged zero-day vulnerability in the Tor service, and then later said it was null-routing traffic reaching its relays. Each of the nodes is capable of carrying little bandwidth, though, further driving down their weighting in the network. ®